Reputation: 155
Gitlab-ci-token user unable to clone repositories
I am trying to setup a docker runner and successfully registered the runner with gitlab-ce. However, when the job runs it always fails with the follow:
Running with gitlab-ci-multi-runner 1.10.2 (d171b73)
Using Docker executor with image python:3.4 ...
Starting service postgres:latest ...
Pulling docker image postgres:latest ...
Waiting for services to be up and running...
Pulling docker image python:3.4 ...
Running on runner-b35ff618-project-96-concurrent-0 via toucan...
Cloning repository...
Cloning into '/builds/amrstratus/webportal'...
fatal: unable to access 'https://gitlab-ci-token:[email protected]/amrstratus/webportal.git/': Failed to connect to gitlab.xxxxxx port 443: Connection refused
ERROR: Build failed: exit code 1
I tried simply to clone the repository and got a similar error:
root@toucan:/tmp# git clone https://gitlab-ci-token:[email protected]/amrstratus/webportal.git/
Cloning into 'webportal'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab-ci-token:[email protected]/amrstratus/webportal.git/'
Access via https seems to work fine and everything else seems to work.
Any ideas? I am totally stuck.
System Details:
Debian 8 (Jessie)
GitLab 8.16.2
GitLab Shell 4.1.1
GitLab Workhorse v1.3.0
GitLab API v3
Git 2.10.2
Ruby 2.3.3p222
Rails 4.2.7.1
PostgreSQL 9.6.1
Upvotes: 5
Views: 14245
Answers (3)
Reputation: 1818
Although a solution is already been given for the problem but using the personal token. As pointed out, it might be failing because if you cloned using the CI_BUILD_TOKEN/CI_JOB_TOKEN, that is only valid for that job run. So, if you want the pull to work through the runner everytime, you can specify url while pulling :
git pull https://gitlab-ci-token:[email protected]/developers/<projectname>.git
This way, on every pull request, the new token is used.
Upvotes: 0
Reputation: 1327784
Note that there might be two issue.
Regarding the token itself (and fatal: Authentication failed ), see this thread
The CI token is now securely generated for each build. It's available in
$CI_BUILD_TOKEN.
If you're cloning a different repository from.gitlab-ci.yml(like we were) your best bet is to use SSH.Another solution is to use your personal private token:
git clone https://<username>:<private-token>@gitlab.anydomainhere.com/developers/<projectname>.git
(please realize this token gives access to all your projects)
The other issue is related to Docker: fatal: unable to access
You need to be sure you can communicate to your Gitlab instance (as in here or in issue 305).
And check the ownership as in this thread.
Upvotes: 4
Reputation: 2955
I know this is old, however, what fixed this issue for me was the adjustments to workhorse as per this comment.
Modified /etc/gitlab/gitlab.rb as follows:
Uncomment this line
gitlab_workhorse['enable'] = true
Add these 2 lines
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
Then modified the webserver config to point the reverse proxy to this instead of unicorn.
Upvotes: 0
Related Questions
- How to set a gitlab CI token in runner with rights to write to repository
- fatal: failed to start gitlab-runner: access is denied
- GitLab runner unable to clone repository via http
- Gitlab clone project: authentication failed
- Gitlab-runner has 'access denied' when pushing built image
- Runner cannot clone gitlab repository
- Gitlab-CI cannot clone
- Gitlab Runner on local VM with Gitlab CE cannot clone repo
- Can’t clone repo from GitLab CI in Docker
- Gitlab CI can't clone gitlab repo